BSOD Debug help. Netio.sys?
Hi guys. I was wondering if you could assist me in finding why I'm getting random BSODs. Incidentally, where can I learn to debug Windows using DMP files, error logs etc.? I am currently trying to upload the related dmp file to SkyDrive but I only have a 1Mb upload so it may take a while >.<

The back story is I was getting BSODs where MAFW.sys would be named on screen (my M-Audio FireWire sound card). As there was only one driver available for the card I was just putting up with it. Now I seem to be getting random BSODs which do not give an error message; they will happen sometimes after the computer has been sat idle for hours or sometimes when playing a game or watching a movie. They are happening 2-3 times a day now.

Key hardware: 2x 9800GT, nForce 570 chipset, Athlon 64 X2, aforementioned sound card.

Software running during all BSODs: Windows 7 Pro, ZoneAlarm, AVG, uTorrent, Reclusa keyboard editor, MAFW control panel.

My installed apps are shown here: http://cid-3f163e004f38c23c.skydrive.live.com/embedphoto.aspx/.Public/apps.jpg

Debugger reads....

Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Users\David\Desktop\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: C:\Symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`02a16000 PsLoadedModuleList = 0xfffff800`02c53e50
Debug session time: Tue Apr 6 22:51:59.041 2010 (GMT+1)
System Uptime: 0 days 6:36:12.916
Loading Kernel Symbols
...............................................................
................................................................
................................
Loading User Symbols
Loading unloaded module list
.........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7F, {8, 80050031, 6f8, fffff80002a8d5a2}

*** ERROR: Module load completed but symbols could not be loaded for avgtdia.sys
*** ERROR: Module load completed but symbols could not be loaded for vsdatant.sys
Probably caused by : NETIO.SYS ( NETIO!CompareSecurityContexts+6a )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: 0000000080050031
Arg3: 00000000000006f8
Arg4: fffff80002a8d5a2

Debugging Details:
------------------

BUGCHECK_STR: 0x7f_8

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 2

LAST_CONTROL_TRANSFER: from fffff80002a87469 to fffff80002a87f00

STACK_TEXT:
fffff880`009efc68 fffff800`02a87469 : 00000000`0000007f 00000000`00000008 00000000`80050031 00000000`000006f8 : nt!KeBugCheckEx
fffff880`009efc70 fffff800`02a85932 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`009efdb0 fffff800`02a8d5a2 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2
fffff880`0ad18000 fffff800`02a50842 : fffffa80`07761080 00000000`00000001 00000000`00000000 fffffa80`04b4e068 : nt!SeAccessCheckWithHint+0x312
fffff880`0ad180e0 fffff880`01606c5a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!SeAccessCheckFromState+0x102
fffff880`0ad187d0 fffff880`0160494f : 00000000`c0000022 00000000`00000000 00000000`00000000 00000000`00000000 : NETIO!CompareSecurityContexts+0x6a
fffff880`0ad18840 fffff880`016069b5 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : NETIO!MatchValues+0xef
fffff880`0ad18890 fffff880`01606845 : fffffa80`06ea8160 fffffa80`06f6f510 fffff880`0ad18ab8 fffff880`0ad191f0 : NETIO!FilterMatch+0x95
fffff880`0ad188e0 fffff880`01607ccb : 00000000`00000000 00000000`00000000 fffff880`0ad191f0 fffff880`0ad18aa0 : NETIO!IndexListClassify+0x69
fffff880`0ad18960 fffff880`0183e4d0 : fffff880`0ad191f0 fffff880`0ad18e38 fffff880`0ad19b70 fffffa80`0abdf740 : NETIO!KfdClassify+0xa4e
fffff880`0ad18cd0 fffff880`0183777e : fffff880`01946690 00000000`00000000 fffffa80`06a38db0 00000000`00000000 : tcpip!WfpAleClassify+0x50
fffff880`0ad18d10 fffff880`01836c15 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : tcpip!WfpAlepAuthorizeSend+0x94e
fffff880`0ad19420 fffff880`0183a956 : 00000000`00000000 00000000`00000000 00000000`00000011 00000000`00000000 : tcpip!WfpAleAuthorizeSend+0x325
fffff880`0ad196f0 fffff880`0183d6a4 : 00000000`00000000 fffff880`0ad19b28 fffff880`0ad19b30 fffff880`0ad1a630 : tcpip!WfpAleConnectAcceptIndicate+0x106
fffff880`0ad197e0 fffff880`01835f59 : 00000000`0000002c fffff880`0ad19e30 00000000`00000001 00000000`00000008 : tcpip!ProcessALEForTransportPacket+0x664
fffff880`0ad19a50 fffff880`01862bf6 : 00000000`00000000 00000000`00000002 fffffa80`06a68900 fffff800`02a28900 : tcpip!WfpProcessOutTransportStackIndication+0x329
fffff880`0ad19c20 fffff880`01867a7e : fffffa80`06a623b0 fffff880`01602804 fffff880`0196c9a0 fffffa80`06a38db0 : tcpip!IppSendDatagramsCommon+0x526
fffff880`0ad19ef0 fffff880`01834cf8 : fffffa80`06a38db0 fffffa80`0abdf740 fffffa80`0abdf740 fffffa80`06a623b0 : tcpip!IpNlpSendDatagrams+0x3e
fffff880`0ad19f30 fffff880`0183526d : fffffa80`04b99380 fffffa80`06b6c6e0 fffff880`0ad1a880 00000000`00000000 : tcpip!UdpSendMessagesOnPathCreation+0x688
fffff880`0ad1a2b0 fffff880`01834ef5 : fffff880`0ad1a7e0 fffffa80`06a38900 fffffa80`00000001 fffffa80`06d45800 : tcpip!UdpSendMessages+0x35d
fffff880`0ad1a6a0 fffff800`02a9764a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : tcpip!UdpTlProviderSendMessagesCalloutRoutine+0x15
fffff880`0ad1a6d0 fffff880`018354b8 : fffff880`01834ee0 fffff880`0ad1a7e0 00000000`00000002 00000000`00000000 : nt!KeExpandKernelStackAndCalloutEx+0xda
fffff880`0ad1a7b0 fffff880`01027f45 : fffffa80`04a20860 fffffa80`06770ec0 fffffa80`06a2dcd0 fffffa80`04fe758e : tcpip!UdpTlProviderSendMessages+0x78
fffff880`0ad1a830 fffff880`01027ff2 : fffffa80`00000002 fffffa80`04fb8bc0 fffffa80`094eb650 fffff880`00000014 : tdx!TdxSendDatagramTransportAddress+0x2f5
fffff880`0ad1a910 fffff880`03a23bee : fffffa80`094eb4f0 fffff800`02a97beb fffffa80`06a16da0 fffffa80`04fe73a0 : tdx!TdxTdiDispatchInternalDeviceControl+0x52
fffff880`0ad1a940 fffff880`03a243a5 : 00000000`00000000 00000000`0000003e fffffa80`06a16da0 fffffa80`0a9b3640 : avgtdia+0x4bee
fffff880`0ad1a970 fffff880`03a71542 : fffffa80`04fe73a0 fffffa80`06a16da0 00000000`00000000 fffffa80`094eb4f0 : avgtdia+0x53a5
fffff880`0ad1a9a0 fffff880`03a71f61 : fffffa80`04fe7558 fffffa80`04fe7558 fffffa80`0403d920 fffff880`0ad1aaa0 : netbt!TdiSendDatagram+0x187
fffff880`0ad1aa10 fffff880`03a7e329 : fffffa80`074d4e00 fffffa80`04fe73a0 00000000`00000021 00000000`0000003e : netbt!UdpSendDatagram+0x1b1
fffff880`0ad1aaa0 fffff880`03a7e0e6 : 00000000`00000001 00000000`00000000 00000000`00000032 fffff880`03a90089 : netbt!UdpSendResponse+0x4e0
fffff880`0ad1ab20 fffff880`03a72be7 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : netbt!QueryFromNet+0xb11
fffff880`0ad1ac50 fffff880`03a70b47 : 00000000`00000032 fffffa80`05af302a 00000000`00000032 fffffa80`06a2dc02 : netbt!NameSrvHndlrNotOs+0xca
fffff880`0ad1ac90 fffff880`01026325 : fffffa80`06a68340 fffffa80`06a20002 fffff880`0ad1af98 fffffa80`06a68340 : netbt!TdiRcvNameSrvHandler+0x367
fffff880`0ad1ad30 fffff880`018403c5 : fffffa80`06a2db80 00000000`00000000 fffffa80`06a2db80 fffffa80`06a2db80 : tdx!TdxEventReceiveMessagesTransportAddress+0x315
fffff880`0ad1af20 fffff880`018408d4 : fffffa80`00000000 fffffa80`06a2db80 00000000`00000000 fffffa80`05af3022 : tcpip!UdpDeliverDatagrams+0x155
fffff880`0ad1b0b0 fffff880`0185c427 : fffffa80`04b4ec40 fffff880`00000000 fffffa80`05cdd010 00000000`00000000 : tcpip!UdpReceiveDatagrams+0x324
fffff880`0ad1b1a0 fffff880`0185c499 : fffff880`0ad1b320 fffff880`0196c9a0 fffff880`0ad1b330 fffffa80`04a1c3e0 : tcpip!IppDeliverListToProtocol+0xf7
fffff880`0ad1b260 fffff880`0185c990 : fffff880`0196c9a0 fffffa80`04154350 00000000`00000011 fffff880`0ad1b320 : tcpip!IppProcessDeliverList+0x59
fffff880`0ad1b2d0 fffff880`0185b821 : 00000000`ff00a8c0 fffffa80`04b45138 fffff880`0196c9a0 00000000`05345901 : tcpip!IppReceiveHeaderBatch+0x231
fffff880`0ad1b3b0 fffff880`01935592 : fffffa80`05cc2cd0 00000000`00000000 fffffa80`05345901 fffffa80`00000001 : tcpip!IpFlcReceivePackets+0x651
fffff880`0ad1b5b0 fffff880`01694afa : fffffa80`03fb7c02 fffffa80`03fb7c90 00000000`00000002 00000000`00000000 : tcpip!IppInspectInjectReceive+0xf2
fffff880`0ad1b5f0 fffff880`03b53863 : fffffa80`06f2bf20 fffffa80`05345940 00000000`00000000 00000000`00000000 : fwpkclnt!FwpsInjectTransportReceiveAsync0+0x256
fffff880`0ad1b6a0 fffff880`03b52a86 : fffffa80`05345940 fffffa80`04ff2440 fffffa80`0b1536a8 fffffa80`0b153570 : vsdatant+0x15863
fffff880`0ad1b730 fffff880`03b4c651 : fffffa80`05345940 fffffa80`05345940 fffff880`0ad1bf00 fffffa80`05345a38 : vsdatant+0x14a86
fffff880`0ad1b830 fffff880`0161d57f : fffff880`0ad1be48 fffff880`0ad1bf60 fffffa80`05af4e20 fffffa80`06f7a580 : vsdatant+0xe651
fffff880`0ad1b960 fffff880`016074db : fffffa80`06ed0018 fffff880`0ad1be48 fffffa80`06d45858 fffffa80`05af4e20 : NETIO! ?? ::FNODOBFM::`string'+0x7267
fffff880`0ad1ba80 fffff880`0190002b : fffff880`0ad1c498 fffff880`0ad1be48 fffff880`0ad1c498 fffffa80`05af4e20 : NETIO!KfdClassify+0x24b
fffff880`0ad1bdf0 fffff880`01803d10 : 00000000`00000000 fffffa80`06a38db0 fffffa80`06d45960 00000000`00000000 : tcpip!WFPDatagramDataShimV4+0x49b
fffff880`0ad1c150 fffff880`0187cf2d : fffff880`0ad1c5a8 fffff880`016f628a fffffa80`04a141b0 fffffa80`05af4e20 : tcpip! ?? ::FNODOBFM::`string'+0x2b82f
fffff880`0ad1c3c0 fffff880`0183f080 : fffffa80`06a38db0 00000000`00000000 00000000`00000002 00000000`00000000 : tcpip!ProcessAleForNonTcpIn+0x1ad
fffff880`0ad1c4e0 fffff880`0186d861 : fffffa80`00000011 fffffa80`06a20002 fffffa80`04b48900 00000000`00008900 : tcpip!WfpProcessInTransportStackIndication+0xb10
fffff880`0ad1c850 fffff880`0183ff93 : fffffa80`06a2db80 fffffa80`04b4b380 00000000`00000000 fffffa80`04b45000 : tcpip!InetInspectReceiveDatagram+0x121
fffff880`0ad1c8f0 fffff880`01840345 : fffffa80`06a2db80 00000000`00000000 fffffa80`04b4b380 00000000`00000000 : tcpip!UdpBeginMessageIndication+0x83
fffff880`0ad1ca40 fffff880`018408d4 : fffffa80`00000000 fffffa80`06a2db80 00000000`00000000 fffffa80`05af3022 : tcpip!UdpDeliverDatagrams+0xd5
fffff880`0ad1cbd0 fffff880`0185c427 : fffffa80`04b4ec40 00000000`00000000 fffffa80`05cdd010 00000000`00000000 : tcpip!UdpReceiveDatagrams+0x324
fffff880`0ad1ccc0 fffff880`0185c499 : fffff880`0ad1ce40 fffff880`0196c9a0 fffff880`0ad1ce50 fffffa80`04a1c3e0 : tcpip!IppDeliverListToProtocol+0xf7
fffff880`0ad1cd80 fffff880`0185c990 : fffff880`0196c9a0 fffffa80`05af4f50 00000000`00000011 fffff880`0ad1ce40 : tcpip!IppProcessDeliverList+0x59
fffff880`0ad1cdf0 fffff880`0185b821 : 00000000`ff00a8c0 fffffa80`04b45000 fffff880`0196c9a0 00000000`05bee601 : tcpip!IppReceiveHeaderBatch+0x231
fffff880`0ad1ced0 fffff880`0185a272 : fffffa80`05cc2cd0 00000000`00000000 fffffa80`05bee601 fffff880`00000001 : tcpip!IpFlcReceivePackets+0x651
fffff880`0ad1d0d0 fffff880`018736ba : fffffa80`05bee6a0 fffff880`0ad1d200 fffffa80`05bee6a0 fffffa80`06dc0000 : tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x2b2
fffff880`0ad1d1b0 fffff800`02a9764a : fffffa80`05af4e20 fffff880`0ad18000 00000000`00004800 00000000`00000000 : tcpip!FlReceiveNetBufferListChainCalloutRoutine+0xda
fffff880`0ad1d200 fffff880`018730e2 : fffff880`018735e0 fffff880`0ad1d310 00000000`00000002 00000000`00000000 : nt!KeExpandKernelStackAndCalloutEx+0xda
fffff880`0ad1d2e0 fffff880`017b30eb : fffffa80`05c468d0 00000000`00000000 fffffa80`055c91a0 fffffa80`055c91a0 : tcpip!FlReceiveNetBufferListChain+0xb2
fffff880`0ad1d350 fffff880`0177cfc6 : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : ndis!ndisMIndicateNetBufferListsToOpen+0xdb
fffff880`0ad1d3c0 fffff880`016ffa24 : fffffa80`055c91a0 00000000`00000002 00000000`00000001 fffff880`01835651 : ndis!ndisMDispatchReceiveNetBufferLists+0x1d6
fffff880`0ad1d840 fffff880`016ff9e9 : 00000000`00000000 fffffa80`09799700 00000000`00000000 00000000`00000001 : ndis!ndisMTopReceiveNetBufferLists+0x24
fffff880`0ad1d880 fffff880`016ff980 : fffffa80`05bee6a0 00000000`00000001 ffff0000`096bd584 00000000`00000001 : ndis!ndisFilterIndicateReceiveNetBufferLists+0x29
fffff880`0ad1d8c0 fffff880`03b5664d : fffffa80`05c15160 00000000`00000001 00000000`00000001 fffffa80`05af4e20 : ndis!NdisFIndicateReceiveNetBufferLists+0x50
fffff880`0ad1d900 fffff880`017172b7 : fffffa80`05c15160 fffffa80`05af4e20 00000000`00000000 fffff880`00000001 : vsdatant+0x1864d
fffff880`0ad1d9a0 fffff880`040fa974 : fffffa80`0580c000 fffffa80`059edc00 00000000`18008000 00000000`00000001 : ndis! ?? ::FNODOBFM::`string'+0xccef
fffff880`0ad1d9f0 fffff880`041161e8 : 00000000`00000000 00000000`18008000 00000000`18008000 00000000`00000000 : nvm62x64!OS_IndicatePacketsRx+0x88
fffff880`0ad1da30 fffff880`04115c1e : fffff880`00000004 00000000`00000000 00000000`00000000 00000000`00000000 : nvm62x64!UpdateReceiveDescRingData64+0x370
fffff880`0ad1daf0 fffff880`0411308d : fffffa80`061a5590 fffffa80`0580c000 00000000`00000000 00000000`00000000 : nvm62x64!ADAPTER_HandleInterrupt64+0xfa
fffff880`0ad1db40 fffff880`040fd713 : fffffa80`061a5698 fffff800`02a8f052 fffffa80`055c91a0 fffffa80`061a5590 : nvm62x64!HMacDDpc+0x29
fffff880`0ad1db70 fffff880`01781e4b : fffff880`01758110 00000000`00000000 fffffa80`055c91a0 fffffa80`055c9f68 : nvm62x64!NDIS_HandleInterrupt+0x37

STACK_COMMAND: kb

FOLLOWUP_IP:
NETIO!CompareSecurityContexts+6a
fffff880`01606c5a 448b442470 mov r8d,dword ptr [rsp+70h]

SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: NETIO!CompareSecurityContexts+6a

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: NETIO

IMAGE_NAME: NETIO.SYS

DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc18a

FAILURE_BUCKET_ID: X64_0x7f_8_NETIO!CompareSecurityContexts+6a

BUCKET_ID: X64_0x7f_8_NETIO!CompareSecurityContexts+6a

Followup: MachineOwner
---------
April 7th, 2010 3:47pm

From the "Bugcheck Analysis" you posted is this line from the "STACK_TEXT" field:

fffff880`0ad1d900 fffff880`017172b7 : fffffa80`05c15160 fffffa80`05af4e20 00000000`00000000 fffff880`00000001 : vsdatant+0x1864d

I've bolded the driver, the vsdatant.sys, which is a ZoneAlarm driver. The vsdatant.sys is accessing memory at that point and may be causing the issue. Here is a previous thread on the issue with ZoneAlarm which seems to occur on some 64-bit systems:

http://social.answers.microsoft.com/Forums/en/w7repair/thread/e94de527-183f-4227-9749-072ba0e7769f

I would suggest to try disabling NetBIOS over TCP/IP or uninstall ZoneAlarm.
April 7th, 2010 3:57pm
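Added example, not part of any post in this thread: a short Python triage of kb-style frame lines, which lists the modules that appear without symbols (the ones WinDbg reported as "symbols could not be loaded") and measures how much kernel stack the faulting thread had consumed when the double fault hit. The eight sample frames are copied from the STACK_TEXT above; the names parse_frames and triage are this example's own, and treating the frames up to nt!KiDoubleFaultAbort as running on a separate double-fault stack is an assumption about x64 Windows.

```python
import re
from collections import Counter

# Constructed sample: eight frames copied from the STACK_TEXT posted in this thread.
SAMPLE = """\
fffff880`009efdb0 fffff800`02a8d5a2 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2
fffff880`0ad18000 fffff800`02a50842 : fffffa80`07761080 00000000`00000001 00000000`00000000 fffffa80`04b4e068 : nt!SeAccessCheckWithHint+0x312
fffff880`0ad187d0 fffff880`0160494f : 00000000`c0000022 00000000`00000000 00000000`00000000 00000000`00000000 : NETIO!CompareSecurityContexts+0x6a
fffff880`0ad1a940 fffff880`03a243a5 : 00000000`00000000 00000000`0000003e fffffa80`06a16da0 fffffa80`0a9b3640 : avgtdia+0x4bee
fffff880`0ad1aa10 fffff880`03a7e329 : fffffa80`074d4e00 fffffa80`04fe73a0 00000000`00000021 00000000`0000003e : netbt!UdpSendDatagram+0x1b1
fffff880`0ad1b6a0 fffff880`03b52a86 : fffffa80`05345940 fffffa80`04ff2440 fffffa80`0b1536a8 fffffa80`0b153570 : vsdatant+0x15863
fffff880`0ad1d900 fffff880`017172b7 : fffffa80`05c15160 fffffa80`05af4e20 00000000`00000000 fffff880`00000001 : vsdatant+0x1864d
fffff880`0ad1db70 fffff880`01781e4b : fffff880`01758110 00000000`00000000 fffffa80`055c91a0 fffffa80`055c9f68 : nvm62x64!NDIS_HandleInterrupt+0x37
"""

ADDR = r"[0-9a-f]{8}`[0-9a-f]{8}"
# Columns: Child-SP, RetAddr, four argument values, call site.
FRAME = re.compile(rf"^({ADDR}) {ADDR} : (?:{ADDR} ){{4}}: (.+)$")


def parse_frames(text):
    """Return [(child_sp, module, has_symbols, call_site)] for each frame line."""
    frames = []
    for line in text.splitlines():
        m = FRAME.match(line.strip())
        if m:
            site = m.group(2).strip()
            # "module!symbol+off" when symbols resolved, "module+off" when not.
            module = re.split(r"[!+]", site, maxsplit=1)[0]
            frames.append((int(m.group(1).replace("`", ""), 16), module, "!" in site, site))
    return frames


def triage(text):
    frames = parse_frames(text)
    # Assumption: frames up to nt!KiDoubleFaultAbort ran on the separate
    # double-fault stack, so only the frames below it belong to the thread.
    cut = next((i for i, f in enumerate(frames) if "KiDoubleFaultAbort" in f[3]), -1)
    thread = frames[cut + 1:]
    if not thread:
        return None
    sps = [f[0] for f in thread]
    return {
        "frames_per_module": Counter(f[1] for f in thread),
        "no_symbols": sorted({f[1] for f in thread if not f[2]}),
        "stack_bytes": max(sps) - min(sps),
        # A faulting Child-SP on a page boundary is consistent with the
        # thread having run out of kernel stack.
        "fault_sp_page_aligned": thread[0][0] % 0x1000 == 0,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

The same functions accept the full STACK_TEXT pasted from a dump, as long as each frame sits on its own line.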

Can you recommend a suitable free alternative to zone alarm?
April 7th, 2010 7:23pm

I have just discovered the minidumps.. please find mine at: http://cid-3f163e004f38c23c.skydrive.live.com/self.aspx/.Public/Minidump.rar

Can anyone make sense of these.. I'll try removing ZoneAlarm in the meantime
April 7th, 2010 8:18pm

You seem to have two issues. One is the UNEXPECTED_KERNEL_MODE_TRAP (7f) errors which are probably from ZoneAlarm. Uninstalling ZoneAlarm should stop these errors. The other is that the mafw.sys driver appears to be causing an issue referencing the 1394ohci.sys. This may indicate a lack of compliance with Windows 7's 1394ohci.sys. It may benefit to switch the 1394ohci.sys driver to the "legacy" driver - see the first post (post #11 in the thread) in the following link: http://forums.m-audio.com/showthread.php?16193-FireWire-410-Does-Not-Work-Wilh-Windows-7/page2
April 7th, 2010 10:17pm

On Wed, 7 Apr 2010 16:23:05 +0000, PLEKTRUM wrote:
> Can you recommend a suitable free alternative to zone alarm?

Yes, the built-in Windows 7 firewall. I think it's at least as good as ZoneAlarm.

Ken Blake, Microsoft MVP (Windows Desktop Experience) since 2003
April 8th, 2010 1:06am

> You seem to have two issues. One is the UNEXPECTED_KERNEL_MODE_TRAP (7f) errors which are probably from ZoneAlarm. Uninstalling ZoneAlarm should stop these errors. The other is that the mafw.sys driver appears to be causing an issue referencing the 1394ohci.sys. This may indicate a lack of compliance with Windows 7's 1394ohci.sys. It may benefit to switch the 1394ohci.sys driver to the "legacy" driver - see the first post (post #11 in the thread) in the following link: http://forums.m-audio.com/showthread.php?16193-FireWire-410-Does-Not-Work-Wilh-Windows-7/page2

Cheers. I'd tried this fix before but reverted back to the original driver after I thought it stopped the sound card from working. Turns out I just forgot to set the sound card back to the default sound device as I have several >.< doh! Fingers crossed all should be well.

Just for the record, the FireWire controller was using the ol' generic "Texas Instruments" driver as opposed to the default Win 7 one (I think it's a Belkin PCI card). It's now running fine on the legacy driver though. I'll check out the Belkin site for specific drivers later :)
April 8th, 2010 5:16am

OK, good luck!
April 8th, 2010 5:24am

NO BSODS TO DATE :D ty for all your help
April 19th, 2010 11:06pm

You're welcome. Glad that is working out.
April 20th, 2010 4:57pm

Hi! The dump files only help if there is a "target" computer set up with the symbol trees loaded from the original setup disk, ready for the kernel debugger session to begin at / on a previously specified port, most often com1 or 2. Analysis is done via a remote assistance invite via the same port. Of more use to us would be any error codes generated by the blue screens themselves, usually in the form of #x####### where each # can be a letter, or a number.

"http://support.microsoft.com/fixit/default.aspx/". This is MICROSOFT'S new, FREE, fully automated, anonymous support portal, which can help users resolve Windows and other product issues with a few mouse clicks. BOOKMARK THIS SITE, EVERYBODY !!!
January 22nd, 2011 7:00am

This topic is archived. No further replies will be accepted.
